I'd be interested to know if my method, which can be read about, and the script is renewed, with grsecurity having taken, appears to me good care of by minipli and friends (just the LTS kernel being patched, but that is still very valuable)...

I'd be interested to know if my method, works fine with Debian and Ubuntu.

In Devuan we use the exact same kernel(s) as is used in Debian. Probably the rest of the kernels from the list too, but I know about mine.

This is my machine (I grep out 4.9.3 and 4.9.5, such as 4.9.39 and 4.9.51 --soon also 4.9.52-- because I have a few minipli grsecurity-hardened kernels, and the topic is Debian/Devuan kernels compatibility):

(I mean other than Udoo x86, which I'd never recommend to anybody, because I'd very strongly expect Intel owns it, not you, and owns you through it: it's closed source, black box hardware. IIUC.)

But on the question about compatibility, I'd believe Devuan and Debian kernels being same, even my packages should work fine on Debian/Ubuntu as well, and if you go the best way, which is compiling your own kernel and hardening it with the fresh unofficial-grsecurity patches, it can not be in any way incompatible in the, I believe, whole Debian family (but I am not familiar with many other of the Debian family distro-members)!

I also take all the precautions when I compile the packages. For that reason I put fat warnings if I have any marginal doubts of my systems.

I have no room for more than one set of packages at a time (anyway, those who compile, know that they also get a debugger package, which I can post), so I think I'll always be removing the old, and posting the new... (very probably).

Pls. pls., no warranties! But I think my system was only attacked but not compromised... Doing huge work of analysis of the network traces, and not and expert, but it does look the system wasn't compromised, and my big fat warning on page:

was an exaggeration... But still no warranties. Use at your own risk. I too trusted HacKurx's work and I believe I won't regret in the least...

Again, I run Devuan, but the kernels are same in Debian and Devuan. Except for systemd-related stuff, Devuan is mostly still just in most respects: a Debian of a kind.

And the patch that I used, I have to sign with my PGP-key, since HacKurx didn't sign them, but gave the SHA256, which I testify you will get too, if my PGP-signiture you get is uncompromised (I'll be posting it next at, wait a minute... it'll be... It is, from right now at:

If you compile, you will need to modify the part related to the patch in the grsec-dev1-compile.sh ... I hope HacKurx instead from now keeps to the tradition started by minipli with the unofficial-grsec patches.

( Pls. do tell if I made any mistakes in linking or signing, such as if something doesn't verify, or if you have any issues. )

Testing new versions of LTS patched with unofficial-grsecurity is better in my view.However, if corsac returns and takes up packaging the unofficial-grsecurity-patched LTS, I'm all for it! EDIT 2017-11-16 18:00 UTC Oh! That is corsac maintaining it! So glad to know! Thanks for telling us, Head_on_a_Stick!. Last time I looked it up, that wasn't the case... But I'm slow...EDIT END

That's the Debian package version, the kernel version is 4.9.51-1+grsecunoff2; my Alpine Linux system is using 4.9.60 (with an unofficial port of the grsec patches) and kernel.org is on 4.9.62 so it's not that far behind.

"Men are born ignorant, not stupid. They are made stupid by education." — Bertrand Russell

That's the Debian package version, the kernel version is 4.9.51-1+grsecunoff2; my Alpine Linux system is using 4.9.60 (with an unofficial port of the grsec patches) and kernel.org is on 4.9.62 so it's not that far behind.

Of course, I studied all the links from the page you gave in the meantime, and I checked if we had it in Devuan: yes we do! And of course I'll install it, along with gradm2 and other recommends! (For Devuan it's in Ceres, something like our testing branch.)But it is old, it is. My packages that I gave above, based on the same grsecunoff by Mathias (minipli) Krause, who BTW has been taking some time off, and is sorely being missed, but Loic (HacKurx) updated the patch to 4.9.61, which I gave all the links and uploaded my deb packages... So my packages are kind of much newer version of grsecunoff. Could still be worth a try for some people, I'd hope.

I'm happy that grsec is being taken good care of. corsac, thank you so much for keeping the grsec available for us!

But it took corsac time to provide the packages, didn't it? And this is the first of the new series of grsec, the unofficial_grsecurity!See here:http://metadata.ftp-master.debian.org/c ... _changelogwhere, currently at the very top, there is only one single version of it:

* Pull changes from src:linux up to 4.9.51-1. * grsec/gen-patch: - update to generate patch from a local git repository with Mathias Krause grsec-unofficial tree (https://github.com/minipli/linux-unofficial_grsec) * Update grsecurity patch to the unofficial version maintained by Mathias Krause. * featureset-grsec/config: update long description to make it clear we are using the unofficial patch, unrelated to the private patch. * debian/lib/python/debian_linux/debian.py: handle new versioning scheme.